Abstract: A system provides an efficient way of providing electronic accounts to customers over a public network, in which all payments are traceable, i.e. anonymity is available to the degree that the customer provides an account number for paying for the transaction, and that uses as much as possible of emerging public network payment protocols. One embodiment of the system handles small payment from customers to merchants without burdening the banks with each small transaction by aggregating the payment at a payment gateway from the customers and to the merchants.

Abstract: The configuration procedure for an access code and for a security code is provided, comprising: providing references retaining element file that records the base checkerboard-like substrate, checkerboard-like substrates and the color substrates as a graphical image with a hierarchical layered structure arranged on the base substrate, assigning the digital elements to both the x- and the y-axes of the base substrate, assigning the digital elements assigned to the references retaining element on the base substrate perpendicular to the selected two retaining element to the selected two retaining element of the checkerboard-like substrate, configuring code based on the assigned digital elements and the prescribed priority order of the first and areal codes and at the time of the code configuration, recording the location of the retaining element, coaxially rotating the checkerboard-like substrates and color substrates with respect to base checkerboard-like substrate, whereby a new code is configured based on the

Abstract: Plaintext elements and masking array elements are converted into digits in another number base. The resulting digits are combined modulo the new number base and the result is converted back into elements using the original number base resulting in ciphertext elements. For recovery of the plaintext, the ciphertext elements and masking array elements are converted again into digits in the same number base as used for encryption and a reverse arithmetic combination of these digits is employed, modulo the new number base, and the result of the combination is converted back into elements in the original number base resulting in the original plaintext elements.

Abstract: A method for inserting a watermark signal into data to be watermarked. The method includes the steps of: applying a partial watermark extraction to unwatermarked data for generating a first set of intermediate extracted values; identifying a first set of target values that are to replace the intermediate extracted values; computing the difference between the first set of target values and the first set of intermediate extracted values; and adding the computed difference throughout the unwatermarked data.

Abstract: A cryptographic technique that not only provides fast and extremely secure encryption and decryption but also assures integrity of a ciphertext message. This technique involves, during message encryption: generating, in response to an incoming plaintext message, an intermediate stream--such as by chaining the message, wherein a predefined portion of the intermediate stream defines a message authentication code (MAC); inserting an encrypted version of the MAC into a predefined portion of a ciphertext message; and generating, in response to the intermediate stream and the encrypted MAC, a remainder of the ciphertext message such that the remainder exhibits a predefined variation, e.g., a pseudo-random sequence, also contained within the encrypted MAC. Decryption proceeds in essentially a reverse fashion.

Abstract: A method which includes performing a structure analysis on a natural sentence inputted by making use of a word dictionary DIC-WD and a configuration dictionary DIC-KT and converting letter series KNJ of the inputted natural sentence into a language structure information series IMF-LSL. The natural sentence inputted in the form of the language structure information series IMI-LSL is subjected in such a manner to application of meaning analysis grammar IMI-GRM to cause a single or a plurality of meaning frames IMF-FRM to be read out from a meaning frame dictionary DIC-IMI in accordance with commands of the meaning analysis grammar IMI-GRM. When a plurality of meaning frames IMI-FRM are read out a meaning frame which defines an abstract meaning expressed by the inputted natural sentence is synthesized by case coupling and/or logic coupling the meaning frames IMI-FRM.

Abstract: Apparatus and method for encrypting and decrypting using permutation, concatenation and decatenation together with rotation and arithmetic and logic combining with elements or digits or characters from random, pseudo-random, or arbitrary sources wherein the plaintext may be partitioned, block-by-block, the block size being a user selectable power of 2 in size. The data bytes in the input block are selected M bytes at a time, where M.gtoreq.2, with permuted addressing to form a single concatenated data byte, CDB. The CDB is modified by rotating (or barrel shifting) a random bit distance. The CDB may also be modified before or after rotation by simple arithmetic/logic operations. After modification, the CDB is broken up into M bytes and each of the M bytes is placed into the output block with permuted addressing. The output block, or ciphertext, may again be used as an input block and the process repeated with a new output block.

Abstract: A key establishment protocol between a pair of correspondents includes the generation by each correspondent of respective signatures. The signatures are derived from information that is private to the correspondent and information that is public. After exchange of signatures, the integrity of exchange messages can be verified by extracting the public information contained in the signature and comparing it with information used to generate the signature. A common session key may then be generated from the public and private information of respective ones of the correspondents.

Abstract: A user sets n=0, his mail account A and password S, then computes V.sub.0 =E(A,S), W.sub.0 =E(A,V.sub.0), V.sub.1 =E(A,A.sym.1), W.sub.1 =E(A,V.sub.1) and M.sub.0 =E(W.sub.1, V.sub.0), and initially registers W.sub.0, W.sub.1, M.sub.0 and A by e-mail in a mail server. At a visiting site the user sends a service request and A to the mail server form an arbitrary terminal connected to the Internet, and the mail server reads out the authentication session number n corresponding to the identifier A and sends it back to the user. The user computes V.sub.n-1 =E(A,S.sym.(n-1)), V.sub.n+1 =E(A,S.sym.(n+1)), W.sub.n+1 =E(A,V.sub.n+1). V.sub.n =E(A,S.sym.n) and M.sub.n =E(W.sub.n+1, V.sub.n) and sends V.sub.n-1, W.sub.n+1 and M.sub.n to the mail server. The mail server computes E(A,V.sub.n-1) and E(W.sub.n, V.sub.n-1) and if they agree with preregistered W.sub.n-1 and M.sub.n-1, respectively, the mail server accepts the user as valid and sends a mail message of the user.

Abstract: An apparatus and method that stores image data on a disk along with an application program that operates on those images. The application program is limited to interacting with only the images on the disk. This interaction limitation is accomplished by creating a unique signature for each image from the data of the image and including that signature in the application. Prior to executing image processing operations on any retrieved image the application checks the signature of the image with the signature in the application and if there is not a match the application program is disabled.

Abstract: In response to an inquiry by an unsophisticated Subscriber over a nonsecure network, a Provider returns a public key and retains the corresponding private key. The Subscriber encrypts a password using the public key, which is decrypted by the Provider. The password is then used to securely transfer to the Subscriber a key determined by the Provider, thereby enabling the Subscriber to decrypt messages encrypted by the Provider and transmitted over the nonsecure network. This password dependent secure transmission of a key to an unsophisticated Subscriber may be accomplished by several methods, including hashing, key lookup, Wizard protocol, and Warlock procedure. In each method the password is used by the Subscriber and the Provider in correlated operations ending in secure receipt by the Subscriber of a key determined by the Provider.

Abstract: A pseudo-random number generator is used as a pre-processing step to generating a long random bit string. The bit string is then "stretched" by performing certain one-way functions in parallel on the bit strings. In a preferred embodiment, specialized constructions based on expander graphs are also used. Preferably, the strings generated by the one-way functions and expander graphs are exclusive-ored. An embodiment may operate in the following manner. Assume a slow but secure generator G.sub.0.1. Using G.sub.0, generate random numbers x.sub.1, x.sub.2, . . . , x.sub.n.2. Using a stretch function, stretch the random numbers into R=r.sub.1, r.sub.2, . . . , r.sub.n where each r.sub.i is a predetermined amount longer than x.sub.i.3. Use R as a one-time pad for encryption.This process provides a long, random, cryptographically secure bit string.

Abstract: In a system for jamming television programs in a cable television system, modified oscillators are used to provide jamming signals to control ports where they are added to the video signal, in order to prevent unauthorized viewing. The oscillators have switchable portions so that they, when receiving appropriate control signals from a control unit on control lines, can be switched to different basic oscillation frequencies and thus each one can cover a very wide frequency range. The basic oscillation frequency of the oscillators is finely adjusted by means of a continuous signal on a line like the conventional voltage control of oscillators. The use of such switched oscillators in an interdiction apparatus for a cable television system provides a number of advantages, such as making the system more flexible and more efficient in terms of jamming capacity for more expensive programs, pay channels, needed oscillator circuitry, etc.

Abstract: A method and system for overcoming the problems associated with certificate revocation lists (CRL's), for example, in a public key infrastructure. The invention uses a tree-based scheme to replace the CRL.

Abstract: A security apparatus including a number input device (302), an address register (312) responsive to the number input device, an encryption schema memory (316) addressable by the address register to produce an output code and a relative address code, and address incrementing logic (310) responsive the relative address code and operative to increment the address register. The apparatus also preferably includes a PIN register (304) coupled to the number input device, a public code register (306) coupled to the number input device, and merging logic (308) merging outputs of the PIN register and the public code register to be input to the address register. The apparatus also preferably includes an output shift register operative to shift out the output code of the encryption schema memory. The encryption schema memory can be read only memory, writeable memory, or both.

Abstract: A packet authentication and packet encryption/decryption scheme for a security gateway suitable for a hierarchically organized network system and a mobile computing environment. For the packet authentication, in addition to the end-to-end authentication at the destination side packet processing device, the link-by-link authentication at each intermediate packet processing device in the packet transfer route is used. The link-to-link authentication data being inspected by intermediate nodes and end-to-end data (different from link-to-link data) being inspected by destination node but not being inspected by intermediate nodes.

Abstract: A method and apparatus for indicating the time and location at which audio signals are received by a user-carried audio-only recording device. In one embodiment, audio signals are received at a receiver of a user-carried audio-only recording device. A position determining system generates position information indicative of the location of the portable user-carried audio-only recording device when the receiver of the portable user-carried audio-only recording device receives the audio signals. The audio signals and the position information are stored onto recording media. The present embodiment integrates the position information with the audio signals such that alteration of the position information stored on the recording media results in alteration of corresponding audio input signals stored on the recording media.

Abstract: An encryption system and method utilizes a bit stream, called a "master signature", which is divided into bytes with each byte being assigned a byte address. A portion of the master signature, called an "access signature" is randomly selected to encode the message to be transmitted. Both a sender and a receiver have the same access signature. The particular portion of the access signature to be used to encrypt and decrypt a message is identified at the sender by identifying the address of the first byte in this portion of the access signature and the number of bytes sequentially related to this first byte which together with the first byte will be used to encode the message to be transmitted. This information is sent to the receiver. Thus, using this information, the sender can encrypt and the receiver can decrypt the message using the same portion of the access signature.

Abstract: An information processing system includes a first information processing apparatus and a second information processing apparatus arranged separate from the first information processing apparatus and capable of exchanging a signal with the first information processing apparatus. The first information processing apparatus includes a first key generator for generating a first key, and a first encrypting unit for encrypting data using the first key generated by the first key generator to generate first encrypted information. The second information processing apparatus includes a second key storage unit for storing a second key, and a second encrypting unit for encrypting the first key using the second key stored in the second storage unit to generate second encrypted information.

Abstract: A method and system allows encryption services can be added to an existing wireless two-way alphanumeric pager network by providing a pager proxy which is arranged to receive an encrypted message from a sending pager and re-packages it for re-transmission to the destination pager. The sending pager encrypts the message using a session key, and encrypts the session key so that it can only be recovered by a secret key of the pager proxy. The pager proxy, upon recovery of the session key, decrypts the message, generates a new session key, re-encrypts the message, and encrypts the new session key so that it can only be recovered by a secret key of the destination pager. Encryption of the session key can either be carried out by shared secret key encryption or encryption of the session key by a public key corresponding to a private key of the pager proxy or destination pager.